How to stop Redirect (forms authentication) from 'root' URL?

asp.net authentication iis-7

Solution 1:

The location tags can target specific files and subfolders but can't target the root (i.e. /). One option is to start with all allowed and block files and folders. The problem there is that if you forget to do this for new folders your site can be vulnerable.

I believe that you can use URL Rewrite to handle the default doc and point to default.aspx with a 'rewrite' rule. For example, in the url match, use "^$" which means exactly nothing. Then for the action, rewrite to /default.aspx. Then .NET will see /default.aspx and won't redirect for you.

Related

Small (Business) Server - Microsoft Windows Search or Microsoft Search Server 2008 Express
How to run icinga with a apache vHost?
How do I set up my own CA for certs and begin importing it in my Computers and/or browsers
When a file is copied on NTFS the Modified Date is also copied?
Can you screen a running programme? [duplicate]
Spf passes or fails depending on receiver address
How to edit registry hives without live running
Users still have access to Outlook Web Access after disabling account or changing password
Windows Server 2000 hardware question
Too many connections to SQL 2005
Who or what is sending spam from my server ( CentOS / Apache / suPHP )
How can I install packages from the RHEL6's Optional Channel via Kickstart?